Financial institutions have during the last several years made substantial efforts to promote the use of automated teller machines by their customers. The financial institutions view such machines as cost effective ways to provide services to individual customers.
However, such machines have experienced a number of drawbacks which have limited their acceptance with respect to the general public. One drawback is that a human teller is no longer present to carry out the transaction. Many customers, it has turned out, prefer human tellers over automated teller machines.
Another drawback that has been encountered with the use of such machines is a need to assure that the use of such machines is limited to authorized individuals and their respective accounts. In addition to utilizing an account number to identify a customer, a system has been developed which requires the customer to enter a personal identifier prior to carrying out a transaction. Provision is made for verification of not only the account number but also the personal identifier entered by the customer. The personal identifier, if kept in confidence, provides a level of security beyond the account number.
Obviously, if a personal identifier is not maintained in confidence, it has little or no value from the point of view of providing security to the system. Hence, not only should each personal identifier be unique at a given institution but in addition the personal identifier should not be publicly known.
In order to provide personal identifiers, institutions in the past have generated such identifiers and assigned them to customers in an arbitrary fashion. Much to the chagrin of the institutions, which are attempting to promote the popularity of automated teller machines, such arbitrarily assigned personal identifiers are often ignored or forgotten by the customers. Hence, there has been an attempt made to develop systems whereby the customer can freely specify his or her own personal identifier.
One way in which such specification can be securely carried out is to have the customer come into the institution, enter the relevant account number and then also enter the selected identifier. In such an arrangement, the identifier can be associated with the account number and stored in the institution's data base without any intervening human involvement which would permit connecting the customer's account number with the customer's personal identifier. Absent the availability of the customer to come into the institution, this is not a viable solution.
In another known system, a customer is mailed a document which explains the purpose for selecting a personal identifier. In addition, a translation table is provided in hard copy form with the same explanatory document. In this system, a customer selects an arbitrary personal identifier and then encrypts that identifier using the provided translation table.
The encrypted identifier along with the relevant account number, which may be preprinted, is recorded on a tear off return sheet which is to be returned to the institution by mail. Unfortunately, instead of returning only the tear off portion, from time-to-time, customers return the entire document including the translation table to the institution. This can provide access by personnel at the institution to both the account number and the unencrypted personal identifier. Such knowledge by one or more institution personnel provides an undesirable breach in the security of the system.
Further, not every customer is comfortable with or capable of making the necessary table translation to produce the encrypted personal identifier. In addition, the institution must maintain a decoding table for each customer so that the encrypted personal identifier can be decoded on receipt for storage in the institution's data base.
The above noted systems while workable can at times be inconvenient. The self-encrypting system can result in disclosure of an unencrypted personal identifier in combination with an unencrypted copy of the account number or the name of the associated customer. Hence, there continues to be a need for a convenient, inexpensive and very secure way in which a customer, remotely located from an institution and its data base, can specify in an arbitrary fashion a personal identifier. There is also a continuing need to be able to transmit that identifier to the institution for entry into the data base while at the same time maintaining an appropriate level of security.